ComboFix 09-08-29.01 - - Digiplay - Agust-2009 7:22.2.2 - NTFSx86 Running from: d:\documents and settings\- Digiplay -\Desktop\CFX.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Rising Antivirus *On-access scanning disabled* (Updated) {234E4A88-48FA-4220-A994-5323706FF524} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . d:\docume~1\-DIGIP~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Rising Antivirus.lnk d:\windows\system32\(1)url.dll d:\windows\system32\C4AFAF6E_mciole16.dll d:\windows\system32\C4AFAF6E_url.dll d:\windows\system32\CFB06411_url.dll d:\windows\system32\system.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SKYNETLPDDJMNR -------\Service_SKYNETlpddjmnr ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 ))))))))))))))))))))))))))))))) . 2009-08-31 11:06 . 2009-08-31 11:06 96976 ----a-w- d:\windows\system32\drivers\klin.dat 2009-08-31 11:06 . 2009-08-31 11:06 87855 ----a-w- d:\windows\system32\drivers\klick.dat 2009-08-31 11:06 . 2009-08-31 11:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-08-31 11:06 . 2009-08-31 11:06 -------- d-----w- d:\program files\Kaspersky Lab 2009-08-31 10:18 . 2009-08-31 10:18 -------- d-----w- d:\program files\Rising 2009-08-31 04:50 . 2009-08-31 04:50 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\.purple 2009-08-30 04:10 . 2009-08-30 04:10 -------- d-----w- D:\RegClean 2009-08-30 04:06 . 2009-08-30 04:06 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Local Settings\Application Data\Mozilla 2009-08-30 04:01 . 2009-08-30 04:01 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\Malwarebytes 2009-08-29 17:48 . 2009-08-29 17:50 -------- d-----w- D:\ConvertXtoDVD 2009-08-29 16:02 . 2009-08-29 17:33 -------- d-----w- d:\windows\BDOSCAN8 2009-08-29 15:17 . 2009-08-29 15:17 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure 2009-08-29 15:14 . 2009-08-30 08:42 -------- d-----w- d:\program files\Alwil Software 2009-08-29 05:58 . 2009-08-30 05:52 -------- d-----w- d:\documents and settings\- Digiplay -\.housecall6.6 2009-08-29 05:53 . 2009-08-29 05:53 -------- d-----w- d:\documents and settings\All Users\Application Data\CA 2009-08-29 04:38 . 2009-08-29 04:38 23 --sha-w- d:\windows\system32\abedaebd_x.dat 2009-08-29 04:38 . 2009-08-29 04:39 -------- d-----w- d:\program files\jv16 PowerTools 2009 2009-08-28 07:29 . 2009-08-28 07:29 -------- d-----w- d:\program files\Trend Micro 2009-08-28 06:53 . 2009-07-28 20:33 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-08-28 05:42 . 2009-08-28 05:42 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\Malwarebytes-BackupByMalwarebytesPortable 2009-08-27 14:09 . 2009-08-27 14:09 -------- d-sh--w- d:\documents and settings\- Digiplay -\PrivacIE 2009-08-27 06:52 . 2009-08-27 06:52 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\URSoft 2009-08-27 06:09 . 2009-08-27 06:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache 2009-08-27 01:12 . 2009-08-27 01:12 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Local Settings\Application Data\Thinstall 2009-08-27 01:12 . 2009-08-27 01:12 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\Thinstall 2009-08-26 23:33 . 2009-08-26 23:33 -------- d-sh--w- d:\documents and settings\Administrator.DIGIPLAY\PrivacIE 2009-08-26 23:19 . 2009-08-27 00:42 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\PC Tools 2009-08-26 23:19 . 2009-08-26 23:19 -------- d-sh--w- d:\documents and settings\Administrator.DIGIPLAY\IETldCache 2009-08-24 17:55 . 2009-08-24 17:55 -------- d-----w- d:\program files\WhatsRunning 2009-08-24 17:40 . 2009-08-24 17:40 -------- dc-h--w- d:\windows\ie8 2009-08-24 17:38 . 2009-08-24 17:38 -------- d-----w- d:\windows\system32\xircom 2009-08-24 17:38 . 2009-08-24 17:38 -------- d-----w- d:\windows\system32\wbem\snmp 2009-08-24 17:38 . 2009-08-24 17:38 -------- d-----w- d:\windows\srchasst 2009-08-24 17:38 . 2009-08-24 17:38 -------- d-----w- d:\program files\microsoft frontpage 2009-08-24 17:31 . 2009-08-24 17:35 -------- d-----w- d:\documents and settings\All Users\Application Data\Rising 2009-08-24 06:06 . 2009-08-24 06:06 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache 2009-08-24 06:06 . 2009-08-24 06:06 -------- d-sh--w- d:\documents and settings\- Digiplay -\IETldCache 2009-08-24 05:57 . 2009-08-26 23:05 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\PC Tools 2009-08-24 05:41 . 2009-08-24 05:41 -------- d-----w- D:\MalwarebytesPortable4 2009-08-23 23:49 . 2009-08-23 23:49 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2009-08-23 23:49 . 2009-08-23 23:49 -------- d-----w- D:\driverscanner2009 2009-08-23 23:23 . 2009-08-31 10:48 164424 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-08-23 23:23 . 2008-07-06 12:06 89088 ------w- d:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-23 23:23 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\dllcache\xpsshhdr.dll 2009-08-23 23:23 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\dllcache\xpssvcs.dll 2009-08-23 15:38 . 2009-08-23 15:38 89088 ----a-w- d:\windows\system32\osuninst.dll 2009-08-23 10:42 . 2009-08-23 10:42 995383 ----a-w- d:\windows\system32\FE386AD8_mfc42.dll 2009-08-23 10:41 . 2009-08-23 10:41 135168 ----a-w- d:\windows\system32\C4AFAF6E_nvcod.dll 2009-08-23 10:40 . 2009-08-23 15:38 2933248 ----a-w- d:\windows\system32\5B5E8ADD_System.Data.dll 2009-08-23 05:08 . 2009-08-23 23:43 -------- d-----w- d:\windows\DLLArchive 2009-08-23 04:34 . 2009-08-23 04:34 -------- d-----w- d:\program files\AnalogX 2009-08-23 00:18 . 2009-08-23 00:18 104 ----a-w- d:\windows\system32\SBRC.dat 2009-08-22 14:22 . 2009-08-22 14:22 552 ----a-w- d:\windows\system32\d3d8caps.dat 2009-08-22 11:45 . 2009-08-22 11:45 -------- d-----w- d:\documents and settings\Administrator.DIGIPLAY\Application Data\Stardock 2009-08-22 10:46 . 2009-08-23 00:07 -------- d-----w- d:\program files\OnBelay V2 2009-08-22 10:45 . 2009-08-22 10:46 24576 ----a-w- d:\windows\system32\OV2INSTX.DLL 2009-08-22 10:45 . 1998-10-29 20:45 306688 ----a-w- d:\windows\IsUninst.exe 2009-08-22 10:12 . 2007-11-28 14:21 10588 ----a-w- d:\windows\system32\drivers\mpfilt.sys 2009-08-22 08:22 . 2009-08-22 14:54 -------- d-----w- d:\program files\Compaq 2009-08-22 08:08 . 2009-08-22 08:46 -------- d-----w- D:\DriveKey 2009-08-22 06:47 . 2009-08-22 06:51 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\ImgBurn 2009-08-22 06:45 . 2009-08-22 06:45 -------- d-----w- d:\program files\ImgBurn 2009-08-21 05:19 . 2009-08-24 04:27 -------- d-----w- D:\MOVIES-VIDS 2009-08-20 18:37 . 2009-08-21 07:34 -------- d-----w- d:\program files\youtube2mp3 2009-08-20 18:02 . 2009-08-20 18:01 679936 ----a-w- d:\windows\system32\xvidcore.dll 2009-08-20 17:54 . 2009-08-21 09:11 -------- d-----w- D:\YoutubeMP3 2009-08-20 08:15 . 2009-08-20 08:15 -------- d-----w- D:\Backtrack 2009-08-20 08:13 . 2009-08-20 17:29 -------- d-----w- D:\Backtrack4 2009-08-20 08:05 . 2009-08-20 08:17 -------- d-----w- d:\program files\CommViewWiFi 2009-08-20 07:43 . 2009-08-20 07:57 -------- d-----w- d:\program files\CommView 2009-08-19 20:08 . 2009-08-19 20:08 -------- d-----w- D:\Ebooks 2009-08-16 09:35 . 2009-08-31 09:50 -------- d-sh--w- d:\documents and settings\All Users\DRM 2009-08-14 03:45 . 2009-08-14 03:45 -------- d-----w- d:\documents and settings\All Users\Application Data\CounterPath 2009-08-10 03:01 . 2009-08-10 03:13 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\Mp3tag 2009-08-07 03:22 . 2009-08-07 03:23 -------- d-----w- d:\program files\SubDownloader . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-31 11:34 . 2009-02-25 08:22 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\DMCache 2009-08-31 11:08 . 2009-02-25 07:47 8032 --sha-w- d:\windows\system32\drivers\fidbox2.idx 2009-08-31 11:08 . 2009-02-25 07:47 12307488 --sha-w- d:\windows\system32\drivers\fidbox.dat 2009-08-31 11:08 . 2009-02-25 07:47 1114144 --sha-w- d:\windows\system32\drivers\fidbox2.dat 2009-08-31 11:08 . 2009-02-25 07:47 102472 --sha-w- d:\windows\system32\drivers\fidbox.idx 2009-08-31 10:44 . 2009-03-02 09:41 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP 2009-08-31 10:27 . 2009-02-25 09:46 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24} 2009-08-31 10:27 . 2009-02-25 08:12 -------- d-----w- d:\program files\Stardock 2009-08-31 09:56 . 2009-04-10 01:30 1324 ----a-w- d:\windows\system32\d3d9caps.dat 2009-08-31 09:50 . 2009-06-12 08:50 -------- d-----w- d:\program files\AllMyMovies 2009-08-31 09:50 . 2009-04-27 04:33 -------- d-----w- d:\program files\Flock 2009-08-31 09:50 . 2009-02-25 08:22 -------- d-----w- d:\program files\Internet Download Manager 2009-08-31 09:50 . 2009-02-25 08:13 -------- d-----w- d:\program files\Resource Hacker 3.4.0 2009-08-31 09:03 . 2009-02-25 10:03 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\.purple 2009-08-29 06:42 . 2009-02-25 07:45 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-08-27 06:25 . 2009-03-12 03:51 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\Thinstall 2009-08-26 23:21 . 2009-05-06 02:13 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard 2009-08-24 02:12 . 2009-07-30 01:10 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\Move Networks 2009-08-24 01:44 . 2009-06-13 15:35 -------- d-----w- d:\program files\Best AlarmClock 2009-08-24 00:57 . 2009-02-25 08:00 -------- d-----w- d:\program files\Java 2009-08-23 23:38 . 2009-02-25 07:09 71768 ----a-w- d:\documents and settings\- Digiplay -\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-23 15:38 . 2009-08-23 15:38 84992 ----a-w- d:\windows\system32\olepro32.dll 2009-08-23 10:42 . 2009-08-23 10:42 970752 ----a-w- d:\windows\system32\F66BC5DD_System.Deployment.dll 2009-08-23 10:41 . 2009-08-23 10:41 6068352 ----a-w- d:\windows\system32\C4AFAF6E_nv4_disp.dll 2009-08-23 10:40 . 2009-08-23 10:40 997888 ----a-w- d:\windows\system32\5E757257_System.Management.ni.dll 2009-08-22 15:15 . 2009-02-25 08:28 -------- d-----w- d:\program files\Windows Media Connect 2 2009-08-22 15:14 . 2009-07-11 08:06 -------- d-----w- d:\program files\DivX 2009-08-22 15:14 . 2009-06-23 20:58 -------- d-----w- d:\program files\Dziobas Rar Player 2009-08-22 11:27 . 2009-02-25 09:25 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\uTorrent 2009-08-22 08:08 . 2009-02-25 09:38 -------- d--h--w- d:\program files\InstallShield Installation Information 2009-08-22 08:07 . 2009-02-25 09:38 -------- d-----w- d:\program files\Common Files\InstallShield 2009-08-13 17:27 . 2009-07-17 01:08 -------- d-----w- d:\program files\CounterPath 2009-08-05 06:39 . 2009-03-02 09:41 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\URSoft 2009-07-31 05:31 . 2009-07-31 04:24 -------- d-----w- d:\program files\NUnit 2.5.1 2009-07-28 19:46 . 2009-02-25 08:22 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\IDM 2009-07-28 07:45 . 2009-07-28 07:41 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\TeraCopy 2009-07-28 07:42 . 2009-07-28 07:41 -------- d-----w- d:\program files\TeraCopy 2009-07-28 07:37 . 2009-07-28 07:34 -------- d-----w- d:\program files\Super Copy 2009-07-25 09:23 . 2009-05-06 02:00 411368 ----a-w- d:\windows\system32\deploytk.dll 2009-07-22 06:52 . 2009-04-26 17:31 -------- d-----w- d:\program files\Yahoo! 2009-07-21 19:55 . 2009-07-21 19:55 -------- d-----w- d:\program files\NetDragon 2009-07-19 15:28 . 2009-07-19 15:04 -------- d-----w- d:\documents and settings\All Users\Application Data\WindSolutions 2009-07-19 15:20 . 2009-06-19 05:07 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\Yahoo! 2009-07-19 15:17 . 2009-04-26 17:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo! 2009-07-19 15:07 . 2009-07-19 15:06 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\CopyTransDoctor 2009-07-19 15:04 . 2009-07-19 15:04 -------- d-----w- d:\program files\WindSolutions 2009-07-19 15:04 . 2009-07-19 15:01 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\WindSolutions 2009-07-17 01:08 . 2009-07-17 01:08 -------- d-----w- d:\program files\Common Files\Intel 2009-07-16 03:25 . 2009-06-30 08:06 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\NetDrive 2009-07-11 17:02 . 2009-07-11 17:02 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\DivX 2009-07-11 08:06 . 2009-07-11 08:06 -------- d-----w- d:\program files\Common Files\DivX Shared 2009-07-07 16:19 . 2009-03-19 08:37 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\gtk-2.0 2009-07-04 17:43 . 2009-07-04 17:39 -------- d-----w- d:\docume~1\-DIGIP~1\APPLIC~1\DiskAid 2009-07-03 07:50 . 2009-07-03 07:50 -------- d-----w- d:\program files\WIDCOMM 2009-07-03 02:15 . 2009-07-03 00:29 -------- d-----w- d:\program files\PeerGuardian2 2009-06-12 08:00 . 2009-06-12 08:00 135 ----a-w- d:\documents and settings\- Digiplay -\Local Settings\Application Data\fusioncache.dat 2009-06-10 10:00 . 2009-06-10 10:00 68392 ----a-w- d:\windows\system32\sbbd.exe 2009-06-05 15:42 . 2009-06-24 00:07 39424 ----a-w- d:\windows\system32\drivers\usbaapl.sys 2009-06-05 15:42 . 2009-06-24 00:07 2060288 ----a-w- d:\windows\system32\usbaaplrc.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll 2009-03-23 14:52 . 2009-03-23 14:52 952 --sha-w- d:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2009-08-23 15:39 516096 6FBE974874389B7D5F11870747B8622C d:\windows\system32\user32.dll [-] 2008-10-27 20:34 361600 038CA45522FE9B756EFB90DBFA9141EA d:\windows\system32\drivers\tcpip.sys [-] 2008-10-27 20:54 588800 87576541BA029261CA7C6136367E6D42 d:\windows\system32\winlogon.exe [-] 2008-09-03 12:35 2185216 07B57AD9C3F1ACA0C9AA5C5F4898483B d:\windows\system32\ntkrnlpa.exe [-] 2008-09-03 12:34 2306560 3C6823D0D8BD11190D2A7A944837DB30 d:\windows\system32\ntoskrnl.exe [-] 2008-10-27 20:48 1914880 D0C27A01327B928AF81FEF4C16355DBB d:\windows\explorer.exe [-] 2009-08-23 15:38 1449472 8C32A3FB3C3E6E3050A3BA77BB39D306 d:\windows\system32\comres.dll [-] 2008-10-27 20:48 693248 46EC7ED696EFEEF5E3E39675E3E7686F d:\windows\system32\comctl32.dll [7] 2008-04-14 02:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [7] 2008-04-14 02:00 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll d:\windows\system32\ctfmon.exe ... is missing !! d:\windows\system32\drivers\beep.sys ... is missing !! d:\windows\system32\msgsvc.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="d:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536] "Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808] "IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408] "DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2009-06-03 2645528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="d:\windows\system32\nwiz.exe" [2009-01-29 1657376] "UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [BU] "VisualTaskTips"="d:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2009-03-08 128512] d:\documents and settings\- Digiplay -\Start Menu\Programs\Startup\ Styler.lnk - d:\docume~1\-DIGIP~1\APPLIC~1\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-2-25 15086] d:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-3 572008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "StartMenuFavorites"= 1 (0x1) "Start_ShowHelp"= 1 (0x1) "Start_ShowMyComputer"= 1 (0x1) "Start_ShowMyDocs"= 1 (0x1) "Start_ShowMyMusic"= 1 (0x1) "Start_ShowMyPics"= 1 (0x1) "Start_ShowNetConn"= 1 (0x1) "Start_ShowPrinters"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\frd.exe"= "d:\\Program Files\\Yahoo! Messenger v8.1.0.249\\YahooMessenger.exe"= "d:\\Program Files\\Portable ooVoo v1.7.1.58\\ooVoo\\ooVoo.exe"= "d:\\Documents and Settings\\- Digiplay -\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "d:\\Documents and Settings\\- Digiplay -\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "d:\\Documents and Settings\\- Digiplay -\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Program Files\\iTunes\\iTunes.exe"= "d:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"= "d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "d:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:ooVoo TCP port 443 "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 "37676:TCP"= 37676:TCP:*:Disabled:ooVoo TCP port 37676 "37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676 "37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677 "37678:TCP"= 37678:TCP:ooVoo TCP port 37678 "37678:UDP"= 37678:UDP:ooVoo UDP port 37678 "37679:UDP"= 37679:UDP:ooVoo UDP port 37679 "37680:TCP"= 37680:TCP:*:Disabled:ooVoo TCP port 37680 "37680:UDP"= 37680:UDP:*:Disabled:ooVoo UDP port 37680 "37681:UDP"= 37681:UDP:*:Disabled:ooVoo UDP port 37681 R0 nielprt;Nielsen Patch Service;d:\windows\system32\DRIVERS\nielprt.sys [x] R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [x] R1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [x] R2 SBAMSvc;AntiMalware;d:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [x] R2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [x] R3 COMMSYM;CommView/WiFi Driver by TamoSoft;d:\windows\system32\DRIVERS\commsym.sys [2004-04-01 91392] R3 CV2K1;CommView Network Monitor;d:\windows\system32\DRIVERS\cv2k1.sys [x] R3 ndfs;ndfs;d:\program files\Netdrive\ndfs.sys [x] R3 NielGfx;Nielsen USB GFX;d:\windows\system32\drivers\nielgfx.sys [2009-03-20 9088] R3 SBRE;SBRE;d:\windows\system32\drivers\SBREdrv.sys [x] S0 iastor78;iastor78; [x] S0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-01-29 32784] S1 vcdrom;Virtual CD-ROM Device Driver;d:\program files\System\CPL Bonus\Vcdrom.sys [2001-12-19 8576] S2 DUMeterSvc;DU Meter Service;d:\program files\DU Meter\DUMeterSvc.exe [2009-06-03 1386008] S3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 R5U870FLx86;R5U870 UVC Lower Filter ;d:\windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008] S3 R5U870FUx86;R5U870 UVC Upper Filter ;d:\windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904] S3 ti21sony;ti21sony;d:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544] --- Other Services/Drivers In Memory --- *NewlyCreated* - KLBG *NewlyCreated* - VCDROM [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] "d:\program files\Windows Sidebar\sidebar.exe" /RegServer . Contents of the 'Scheduled Tasks' folder 2009-08-30 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1645522239-1417001333-1003Core.job - d:\documents and settings\- Digiplay -\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 17:58] 2009-08-31 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1645522239-1417001333-1003UA.job - d:\documents and settings\- Digiplay -\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 17:58] . - - - - ORPHANS REMOVED - - - - BHO-{3CD92933-7C68-4E57-A7FB-BFACA7FCEF81} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SharedTaskScheduler-{EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - (no file) . ------- Supplementary Scan ------- . uStart Page = www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank uInternet Settings,ProxyOverride = local;*.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - d:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - d:\docume~1\-DIGIP~1\APPLIC~1\Mozilla\Firefox\Profiles\qdldk56v.default\ FF - prefs.js: network.proxy.type - 4 FF - component: d:\documents and settings\- Digiplay -\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: d:\documents and settings\- Digiplay -\Application Data\Mozilla\Firefox\Profiles\qdldk56v.default\extensions\{10228D1E-6D25-4ccc-903E-272D66EEC763}\components\localsearch.dll FF - component: d:\documents and settings\- Digiplay -\Application Data\Mozilla\Firefox\Profiles\qdldk56v.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - plugin: d:\documents and settings\- Digiplay -\Application Data\Mozilla\plugins\npcoolirisplugin.dll FF - plugin: d:\documents and settings\- Digiplay -\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: d:\documents and settings\- Digiplay -\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-31 07:34 Windows 5.1.2600 Service Pack 3, v.5512 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc] "ImagePath"="d:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7737fdcf-1a8e-429e-94cc-a1f795e1d8c6}] @Denied: (Full) (Everyone) "Model"=dword:000000b7 "Therad"=dword:00000022 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d, df,1c,2f,3b,8a,0a,32,11,89,01,b5,02,72,34,2a,9a,b7,a6,eb,b7,1c,a3,28,fc,8d,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):0a,bb,de,6e,11,b3,2d,47,6a,96,66,b1,db,c5,01,a5,cc,87,e4,da,45, 7e,31,63,70,6a,ae,06,44,7f,d8,88,c5,60,01,74,6e,a4,50,c9,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1004) d:\windows\system32\SETUPAPI.dll d:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(1060) d:\windows\system32\setupapi.dll - - - - - - - > 'explorer.exe'(1552) d:\windows\system32\SHDOCVW.dll d:\program files\Utilities\VisualTaskTips\VttHooks.dll d:\windows\system32\msctfime.ime d:\windows\system32\COMRes.dll d:\windows\System32\cscui.dll d:\windows\system32\btmmhook.dll d:\windows\system32\SETUPAPI.dll d:\windows\system32\ieframe.dll d:\windows\system32\msi.dll d:\windows\system32\credui.dll d:\windows\system32\OneX.DLL d:\windows\system32\MSVCP60.dll d:\windows\system32\eappprxy.dll d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\webcheck.dll d:\windows\system32\PortableDeviceApi.dll d:\windows\system32\hnetcfg.dll . Completion time: 2009-08-31 7:37 ComboFix-quarantined-files.txt 2009-08-31 11:37 Pre-Run: 15.200.370.688 bytes free Post-Run: 15.198.994.432 bytes free 379